Ubuntu
samba package

Samba 3.6.3 for amd64 segfault with sig=11 on UBUNTU 12.04

Bug #1162838 reported by BitBrusher
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
New
Medium
Unassigned

Bug Description

# dpkg -l samba*|grep ii
ii samba 2:3.6.3-2ubuntu2.4
ii samba-common 2:3.6.3-2ubuntu2.4
ii samba-common-bin 2:3.6.3-2ubuntu2.4
ii samba-dbg 2:3.6.3-2ubuntu2.4

# lsb_release -rd
Description: Ubuntu 12.04.2 LTS
Release: 12.04

# apt-cache policy samba
samba:
  Installed: 2:3.6.3-2ubuntu2.4
  Candidate: 2:3.6.3-2ubuntu2.4
  Version table:
 *** 2:3.6.3-2ubuntu2.4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:3.6.3-2ubuntu2.1 0
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2:3.6.3-2ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007fce4b44b43e in waitpid () from /lib/x86_64-linux-gnu/libc.so.6
#0 0x00007fce4b44b43e in waitpid () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007fce4b3d129e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007fce4e821c5c in smb_panic (why=<optimized out>) at lib/util.c:1123
#3 0x00007fce4e812ef8 in fault_report (sig=11) at lib/fault.c:53
#4 sig_fault (sig=11) at lib/fault.c:76
#5 <signal handler called>
#6 copy_serverinfo (mem_ctx=<optimized out>, src=0x0) at auth/auth_util.c:856
#7 0x00007fce4e876b50 in make_server_info_guest (mem_ctx=<optimized out>, server_info=0x7fce50f83dd8) at auth/auth_util.c:934
#8 0x00007fce4e876045 in check_guest_security (auth_context=<optimized out>, my_private_data=<optimized out>, mem_ctx=<optimized out>, user_info=0x7fce50f86240, server_info=<optimized out>) at auth/auth_builtin.c:48
#9 0x00007fce4e8708a2 in check_ntlm_password (auth_context=0x7fce50fb7570, user_info=0x7fce50f86240, server_info=0x7fce50f83dd8) at auth/auth.c:255
#10 0x00007fce4e87d4f9 in auth_ntlmssp_check_password (ntlmssp_state=<optimized out>, mem_ctx=0x7fce50f85660, user_session_key=0x7fce50f85660, lm_session_key=0x7fce50f85670) at auth/auth_ntlmssp.c:146
#11 0x00007fce4e5eaa9a in ntlmssp_server_auth (ntlmssp_state=0x7fce50f84820, out_mem_ctx=<optimized out>, in=..., out=<optimized out>) at ../libcli/auth/ntlmssp_server.c:566
#12 0x00007fce4e5e18d2 in ntlmssp_update (ntlmssp_state=0x7fce50f84820, input=..., out=0x7fff041b8100) at libsmb/ntlmssp.c:269
#13 0x00007fce4e5e1e16 in auth_ntlmssp_update (ans=<optimized out>, request=..., reply=<optimized out>) at libsmb/ntlmssp_wrap.c:154
#14 0x00007fce4e546aa4 in reply_spnego_auth (auth_ntlmssp_state=<optimized out>, blob1=..., vuid=<optimized out>, req=0x7fce50fc89f0) at smbd/sesssetup.c:799
#15 reply_sesssetup_and_X_spnego (req=0x7fce50fc89f0) at smbd/sesssetup.c:1192
#16 reply_sesssetup_and_X (req=0x7fce50fc89f0) at smbd/sesssetup.c:1354
#17 0x00007fce4e57ffd4 in switch_message (type=115 's', req=0x7fce50fc89f0, size=260) at smbd/process.c:1574
#18 0x00007fce4e5803eb in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=<optimized out>, unread_bytes=0, size=260, inbuf=0x0, sconn=0x7fce50f735e0) at smbd/process.c:1610
#19 process_smb (sconn=0x7fce50f735e0, inbuf=<optimized out>, nread=260, unread_bytes=0, seqnum=<optimized out>, encrypted=false, deferred_pcd=0x0) at smbd/process.c:1688
#20 0x00007fce4e580803 in smbd_server_connection_read_handler (conn=0x7fce50f735e0, fd=8) at smbd/process.c:2317
#21 0x00007fce4e83191e in run_events_poll (num_pfds=2, pfds=0x7fce50f84450, pollrtn=<optimized out>, ev=0x7fce50f73520) at lib/events.c:286
#22 run_events_poll (ev=0x7fce50f73520, pollrtn=<optimized out>, pfds=0x7fce50f84450, num_pfds=2) at lib/events.c:184
#23 0x00007fce4e581f72 in smbd_server_connection_loop_once (conn=0x7fce50f735e0) at smbd/process.c:1017
#24 smbd_process (sconn=0x7fce50f735e0) at smbd/process.c:3158
#25 0x00007fce4ea8f78f in smbd_accept_connection (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at smbd/server.c:511
#26 0x00007fce4e83191e in run_events_poll (num_pfds=7, pfds=0x7fce50fadb00, pollrtn=<optimized out>, ev=0x7fce50f73520) at lib/events.c:286
#27 run_events_poll (ev=0x7fce50f73520, pollrtn=<optimized out>, pfds=0x7fce50fadb00, num_pfds=7) at lib/events.c:184
#28 0x00007fce4e831aba in s3_event_loop_once (ev=0x7fce50f73520, location=<optimized out>) at lib/events.c:349
#29 0x00007fce4e832640 in _tevent_loop_once (ev=0x7fce50f73520, location=0x7fce4ec94497 "smbd/server.c:844") at ../lib/tevent/tevent.c:494
#30 0x00007fce4e500060 in smbd_parent_loop (parent=<optimized out>) at smbd/server.c:844
#31 main (argc=<optimized out>, argv=<optimized out>) at smbd/server.c:1326
A debugging session is active.

 Inferior 1 [process 31218] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]

Revision history for this message
Robie Basak (racb) wrote :

Thank you for filing this bug and helping to make Ubuntu better.

Setting this bug as Medium Importance for now, as it is not clear if anybody else is affected by this problem yet.

Changed in samba (Ubuntu):
importance: Undecided → Medium
Revision history for this message
BitBrusher (ethy-brito) wrote :

Addicional info.
Since last code executed before crash was "auth/auth_util.c:856" I set "log level = 0 auth:9" and got:

[2013/04/03 09:03:20.588559, 5] auth/auth.c:489(make_auth_context_subsystem)
  Making default auth method list for DC, security=user, encrypt passwords = yes
[2013/04/03 09:03:20.588606, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2013/04/03 09:03:20.588639, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2013/04/03 09:03:20.588665, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2013/04/03 09:03:20.588691, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2013/04/03 09:03:20.588716, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match winbind:trustdomain
[2013/04/03 09:03:20.588742, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match trustdomain
[2013/04/03 09:03:20.588768, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method trustdomain has a valid init
[2013/04/03 09:03:20.588793, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2013/04/03 09:03:20.588819, 5] auth/user_info.c:59(make_user_info)
  attempting to make a user_info for ()
[2013/04/03 09:03:20.588846, 5] auth/user_info.c:70(make_user_info)
  making strings for 's user_info struct
[2013/04/03 09:03:20.588872, 5] auth/user_info.c:87(make_user_info)
  making blobs for 's user_info struct
[2013/04/03 09:03:20.588897, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2013/04/03 09:03:20.588923, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: mapped user is: []\[]@[]
[2013/04/03 09:03:20.588963, 0] lib/fault.c:47(fault_report)
  ===============================================================
[2013/04/03 09:03:20.588989, 0] lib/fault.c:48(fault_report)
  INTERNAL ERROR: Signal 11 in pid 21366 (3.6.3)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.